Linux DNS systemd-resolved lookup refused.

[yuyalun-allen]

Operating system

Linux

System version

Linux desktop-allen 6.18.6-zen1-1-zen #1 ZEN SMP PREEMPT_DYNAMIC Sun, 18 Jan 2026 00:33:55 +0000 x86_64 GNU/Linux

Installation type

Original sing-box Command Line

If you are using a graphical client, please provide the version of the client.

No response

Version

sing-box version 1.12.17

Environment: go1.25.6 linux/amd64
Tags: with_gvisor,with_quic,with_dhcp,with_wireguard,with_utls,with_acme,with_clash_api,with_tailscale
Revision: 51ce402dbb14469bed8ae041afa7e14751595881
CGO: disabled

Description

Cannot use linux systemd-resolved to resolve local domain name.
When I configure the dns as below:

    "servers": [
      {
        "type": "local",
        "tag": "local"
      },
      {
        "type": "https",
        "tag": "cn",
        "server": "223.5.5.5"
      },
      {
        "type": "https",
        "tag": "google",
        "detour": "auto",
        "server": "1.1.1.1"
      }
    ],
    "rules": [
      {
        "domain_suffix": [".local"],
        "server": "local"
      },
      {
        "domain": "gladns.com",
        "server": "cn"
      },
      {
        "rule_set": "geosite-geolocation-cn",
        "server": "cn"
      },
      {
        "type": "logical",
        "mode": "and",
        "rules": [
          {
            "rule_set": "geosite-geolocation-!cn",
            "invert": true
          },
          {
            "rule_set": "geoip-cn"
          }
        ],
        "server": "google",
        "client_subnet": "114.114.114.114/24"
      }
    ],
    "final": "google",
    "strategy": "ipv4_only"
  },

and dns strategy as:

    "default_domain_resolver": "local"

I get

Jan 26 23:57:01 desktop-allen sing-box[370468]: +0800 2026-01-26 23:57:01 ERROR [2291099321 2ms] connection: open connection to yoga-allen.local:8080 using outbound/direct[direct]: lookup yoga-allen.local: REFUSED

Reproduction

1. start sing-box service.
2. visit a local domain in browser like "yoga-allen.local:8080"
3. browser says "502 bad gateway" and the log shows "lookup yoga-allen.local: REFUSED"

I can confirm the connection can be set correctly with ping and if I set "do not use proxy .local in browser everything would be fine.

Logs

Supporter

• I am a sponsor

Integrity requirements

• I confirm that I have read the documentation, understand the meaning of all the configuration items I wrote, and did not pile up seemingly useful options or default values.
• I confirm that I have provided the server and client configuration files and process that can be reproduced locally, instead of a complicated client configuration file that has been stripped of sensitive data.
• I confirm that I have provided the simplest configuration that can be used to reproduce the error I reported, instead of depending on remote servers, TUN, graphical interface clients, or other closed-source software.
• I confirm that I have provided the complete configuration files and logs, rather than just providing parts I think are useful out of confidence in my own intelligence.

[yuyalun-allen]

A workaround for this issue is add "ignore hosts" in system proxy settings (for me under sing-box mixed mode and gnome network settings), but I really hope local DNS lookup on linux can be handled properly with sing-box.
Regards.

[megapro17]

Where is full config with inbounds and outbounds???

[yuyalun-allen]

My apology. Since I suppose it's the issue of DNS, I only showed this part. Here is the full config (with server and password obfuscation.)

config.json